Show filters
6 Total Results
Displaying 1-6 of 6
Sort by:
Attacker Value
Unknown
CVE-2004-1478
Disclosure Date: December 31, 2004 (last updated February 22, 2025)
JRun 4.0 does not properly generate and handle the JSESSIONID, which allows remote attackers to perform a session fixation attack and hijack a user's HTTP session.
0
Attacker Value
Unknown
CVE-2004-0928
Disclosure Date: October 05, 2004 (last updated February 22, 2025)
The Microsoft IIS Connector in JRun 4.0 and Macromedia ColdFusion MX 6.0, 6.1, and 6.1 J2EE allows remote attackers to bypass authentication and view source files, such as .asp, .pl, and .php files, via an HTTP request that ends in ";.cfm".
0
Attacker Value
Unknown
CVE-2001-1120
Disclosure Date: July 11, 2001 (last updated February 22, 2025)
Vulnerabilities in ColdFusion 2.0 through 4.5.1 SP 2 allow remote attackers to (1) read or delete arbitrary files, or (2) overwrite ColdFusion Server templates.
0
Attacker Value
Unknown
CVE-1999-0760
Disclosure Date: March 12, 2001 (last updated February 22, 2025)
Undocumented ColdFusion Markup Language (CFML) tags and functions in the ColdFusion Administrator allow users to gain additional privileges.
0
Attacker Value
Unknown
CVE-2000-0538
Disclosure Date: June 07, 2000 (last updated February 22, 2025)
ColdFusion Administrator for ColdFusion 4.5.1 and earlier allows remote attackers to cause a denial of service via a long login password.
0
Attacker Value
Unknown
CVE-1999-0477
Disclosure Date: December 25, 1999 (last updated February 22, 2025)
The Expression Evaluator in the ColdFusion Application Server allows a remote attacker to upload files to the server via openfile.cfm, which does not restrict access to the server properly.
0